Posted
by
kdawson
on Tuesday June 22, 2010 @04:17AM
from the leaving-more-than-virtual-tracks dept.

Farhood sends in this snip from the LA Times: "In an updated version of its privacy policy, the company added a paragraph noting that once users agree, Apple and unspecified 'partners and licensees' may collect and store user location data. When users attempt to download apps or media from the iTunes store, they are prompted to agree to the new terms and conditions. Until they agree, they cannot download anything through the store. The company says the data is anonymous and does not personally identify users. Analysts have shown, however, that large, specific data sets can be used to identify people based on behavior patterns."Mashable and The Consumerist have picked up on this collection and sharing of "precise location data, including the real-time geographic location of your Apple computer or device."

The TOS definitely talks about these features totally separately: the Opt-out service is described like this "If you do not want to receive ads with this level of relevance on your mobile device, you can opt out...". It doesn't say you won't be tracked...

When you install an app that uses location data then the app almost certainly already knows exactly who you are, no inferences needed. So the question is not if apps are accessing your location data but if apple is downloading it to the mothership and selling this to third parties whose apps you did not purchase. However there that daya may or may not be processed before handing over. For example, if they hand over a string of locations and times you

IU was just thinking that you could even quantitate the degree of information being handed over and it's likelihood it identifies you. Some measure like the entropy or the mutual information of the data set correlation might quantify the uniquness. That is how many bits in uncertainty would there be on a user ID. Companies could even Publish this in their privacy statements. e.g. apple might say they rank a 11 privacy bits, meaning that the average user is idenitifed to only one pool of 2048 individual

One more reason to keep my money in my pocket. Otherwise when another carrier besides the hated AT&T gets iPhones, I'd have been tempted to buy one. Not now. Apple makes some cool shit, but until they start respecting their customers I'll never be one.

Call me naive, but I trust Apple. I've been using Mobile Me since late 2004. I just migrated away from the Palm phone after three years; I now have an iPhone as my primary phone. My calendar, my contacts, etc. are in the Apple cloud. And guess what? They've never done ANYTHING to erode my trust in them. In the age of telecom companies trying to cap mobile data plans, and place arbitrary restrictions on IP-delivered media content, Apple is busy trying to roll out fiber and generally make the Internet better. I believe that not only do they live by their "think different" mantra, but that they realize the days of the free Internet may be numbered. They're doing their best to save the Internet as we know it. Granted, they have something to gain. But other companies' failure to evolve leaves the door wide open for a company which we should trust far more than AT&T, Time Warner, etc. to preserve the landscape that slashdotters are so eager to protect. The tag is correct, it's a witch hunt. Apple admitted their mistake, we move on.

A very good friend once told me: "If you put your balls in their hands, don't complain if they decide to squeeze them". That was almost ten years ago, and he was referring to Microsoft, but see how it fits perfectly with a lot of companies, including Apple.

What the update means is that they've relaxed the application vetting so apps that use the geolocation API aren't scrutinised as much as they used to be. Apple are telling users that apps can, and will, collect and store your location data, and that they're not going to stop them even if there's no reason for the app to be doing it. The app will still ask you if you want to share your location as it always has done.

Who tells you that might be happening if you have an Android phone? Or if you install a brows

It's different from Google like this: Quoting Cory Doctorow: "This is different from Android, in that Google does not gather your information unless you opt in, and if you do opt in, you can opt out later.

"By contrast, Apple gathers your information without asking you to opt in, and does not present you with the option of opting out.

"What's more, Apple is presenting these new terms retrospectively. People who bought iPads and iPods on the understanding that they could be used without having their location information gathered and shared now find that they *must* allow this information to be gathered and shared (I suppose you could try not updating iTunes, but then you would also have to not upgrade your OS -- OS upgrades come with iTunes upgrades -- and be prepared to be locked out of the app store, and since Apple's use of DRM prevents third parties from putting apps on your devices, you're fundamentally abandoning any hope of loading any code, even third-party code, onto your iPad and iPod)."

People who bought iPads and iPods on the understanding that they could be used without having their location information gathered and shared now find that they *must* allow this information to be gathered and shared (I suppose you could try not updating iTunes, but then you would also have to not upgrade your OS -- OS upgrades come with iTunes upgrades -- and be prepared to be locked out of the app store, and since Apple's use of DRM prevents third parties from putting apps on your devices, you're fundamentally abandoning any hope of loading any code, even third-party code, onto your iPad and iPod).

Read the parent that you're responding to! His point is that Apple is applying these terms to people AFTER they have bought the phone. It's an automatic opt-in unless you want to go to a lot of effort to sit outside Apple's walled garden, at which point you lose a big proportion of the value of the phone that you have already paid for.

For new customers, sure it's opt-in/opt-out, buy Apple or not. But if you do, don't be surprised at the next swift one that Apple pulls.

If "At least they tell you..." is correct, you CAN opt out at any time by not allowing an app to access your location. You can refuse the first time. You can go to the new settings area and turn it off on a per-app basis, and it will show you which apps have requested your location in the last 24 hours.

Perhaps Apple intends to go beyond this, but if not, you have absolute control and can tell exactly what apps are asking and how often. Not bad.

Which part of "retroactive" needs to be explained to you? They change the license not just for new customers but also for existing users, effectively rendering their devices useless as far as many advertised features are concerned unless they agree to the new terms.

I don't give a shit what Apple dose to their customers. I am not an Apple customer. I do not allow my children to be Apple customers. If you want to be one, Fine. I think that those who do set themselves up for this crap are Either A: Ok with it. B: Ignorant of it. or C: Can't refuse the shiny white plastic. Either way I don't give a shit about them.

In theory I do not give a flying fuck about Apple, either. My household is i*-free. The problem is that too many other companies look at what Apple does and follow its example. Mobile devices have come a long way towards an open and consumer-friendly ecosystem, but actions such as this drag us all right back down the hill.

People are sort-of forced to use the phone, since they probably have an expensive monthly contract, and the summary says you can't add more apps/music until you agree to the new agreement -- that's a main feature of the phone.

Though, if I owned an iPhone I'd consider taking it back to the store if I was required to accept this new agreement. Fortunately, this country has reasonable laws that could probably help here -- though IANAL. (Those laws being the ones that prevent a company having a one-sided "agree

I understand being upset but I was responding to opt-in and opt-out, and it's pretty simple - your dollars are your vote for you and how serious you are. The last thing I want to see is a bunch of people up in arms saying we need laws to prevent this. I call BS on that.

And I call BS on your free market democracy ("your dollars are your vote"). You're right about one thing though; we don't need new laws to prevent this. We need the old laws that allow companies to lock down devices that their customers own (DMCA, etc) removed so that we have a real Free market.

The problem here is you are using a phrase ("Nobody is forcing people to use this phone") that is commonly employed by apple fanatics to assert that the only people who have a right to complain about apple are those people that have bought the right to do so (by buying an apple product, why the hell would I do that if I don't like them?) and that people should simply not purchase their products instead of complaining. The reasoning is of course flawed, nobody expects M$-flamers on slashdot to purchase and

[...] if you don't want to have these things don't use it. Nobody is forcing people to use this phone [...] Who cares if it's retroactive? It's a service and service and privacy agreements get updated *all the time*. You pay for that service. [...]

Reading comprehension fail. Let me try again: People who already own an iPhone are forced to accept terms that were not part of the original deal in order to continue to receive software updates - which, as far as I can tell, is a prerequisite for receiving support when issues arise - or to purchase new apps. Altering a contract unilaterally after the parties involved agreed on it is subject to legal restrictions. Apple can try, but I would not be surprised to read about them getting handed their balls in c

The point is that this policy _did not exist when you bought the phone_, you are then FORCED to accept the new policy if you want to be able to get more apps, or just updates the ones you own. Oh yeah, you can also sell the phone for a lesser value than you paid for it, and likely you're subsidized so you're going to have to pay a new one full price like $500 or $600 (while your subscription

You can either go here: https://oo.apple.com/ [apple.com] on your iPhone, iPod or iPad and op out. The support page [apple.com] is typically vague and talked about disabling cookies "and other technologies in mobile advertising services" which can cover just about anything. Mind you the opt-out page showed an error (HAHA!) when I tried it with my iPhone 3GS so I'll stick with the old-fashioned solution which is to turn off location services completely. IMHO location services soak up battery life and they aren't so useful that I ha

Thats for opting out of iAds. You've already agreed to the Terms to allow them to see/store/share your location. Disabling iAds, or even disabling the location option in your iPhone doesn't nullify that part of the contract, and probably doesn't stop them getting your location either. If the police can easily do it, I bet the manufacturers can - and you've agreed to let them.

Don't believe me? Its right there on the page: "Opting out applies only to Apple advertising services and does not affect... the c

AFAIK shutting down the location services means shutting down or disabling the GPS hardware so you are either suggesting that the GPS hardware can't be disabled or that Apple is remotely activating the GPS system in iPhones whose owners have shut it off in order to track the owner.

The iPhone has both GPS and AGPS. You'd only completely disable location tracking by turning off the cell reception too. That would make it pointless as a phone! As I mentioned, this is the same method police use to pin-point mobile phone locations. Accuracy varies.

If you leave location services on and disable access by app you may not be able to stop Apple from tracking you which I pointed out. You are quoting me completely out of context.

I didn't quote you out of context, I quoted the whole of the first paragraph of your comment. Perhaps you should've structured your comment differently if it's unclear.

Don't believe me? Its right there on the page: "Opting out applies only to Apple advertising services and does not affect... the collection and dissemination of location data."

Which one? It does not say that on the support page I linked to so you must be talking about the opt-out page???. I never got far enough to successfully opt out, the page shows an error message claiming I don't have iOS 4 installed which is funny because I installed it yesterday (hence the big fat: HAHA!).

Good to see Apple's upgrading systems are successful then. Is a shame you didn

"Opting out applies only to Apple advertising services and does not affect" the collection and dissemination of location data.

The collection and dissemination outside of advertising (iAds) would mean that the application would have to use location services - which prompts you if it's OK to share your location, and can be disabled at any time for any app.

So it's still opt in, because you have to agree to provide location when you run the app.

Righto, however technically the troll is correct as well. The downside to not opting in is that you are now stuck with a phone and possibly outdated apps and OS that you can't update until you pay/agree to their NSA "time and space tracking" ransom.

"Who tells you that might be happening if you have an Android phone? Or if you install a browser that enables the geolocation services of HTML 5 on your PC (eg http://html5demos.com/geo [html5demos.com] )? No one. They don't have to."

Wrong. Each time you install an Android app, before accepting installation you've given a run down of what permissions the app requires, this includes things like internet access, or making phone calls, but also includes things like judging your rough location using cell masts etc., or judging your fine grained location using GPS. Regarding Google services doing geolocation, that's an option you'll get first time you turn your phone on and can easily change in the menus later if you choose if it has the Google apps pre-installed. I'm not sure why you think they can't stop it on Android, because Android has a marketplace too and all but the most technical users who know the risks anyway use this path for installing apps.

As for IP based geolocation on a PC, frankly I could care less. Even if I'm not using a VPN or something the best they can do is judge my location to be in an area large enough to contain a population of 20 million people. Apart from telling my country that's largely useless information, and that's all it's really used for as it's all that it can be used for, certainly it's not really enough to track you as an individual over and above what your IP already allows.

The HTML5 site gave my location as Bank Station (City of London), which is 15km away. (I'm in London though).

Another site gave my location as Crawley, West Sussex, England (~50km from where I am).

This one [my-i-p.com] comes very close: it says I'm about 5km away from where I really am.

I assume various companies have gathered databases of IP locations, but some are better than others. I'm guessing my ISP (or their ISP, or whatever) is based in Crawley, and that a company with a nearby IP is based in the City, and another

The link in question works using a browser feature that uploads information about you such as your IP, access points near you, and that sort of thing. This is why Google was farming access point data when they did street view.

So in the case of even these most intrusive things, the GP I was responding to is wrong regarding warnings, because your browser warns you. My comments were really targetted towards general IP geolocation that doesn't depend on browser uploads.

Your browser implements the geolocation api. It could be doing various things to do that: e.g. it might send your router (AP) MAC address to a google server that sends back a location that google has harvested with their street view cars...

Or if you install a browser that enables the geolocation services of HTML 5 on your PC?

Well, that browser is also an application - and android tells you on installation that it can access (amongst others), the following permission: "Your Location: coarse (network based) location, fine (GPS) location."

No one. They don't have to. They can't really, because there isn't a "gatekeeper" controlling it all.

When I visit that website in my browser (firefox) I get a little bar at the top asking if I want to share my location with the website. So I vet the sites myself on a case by case basis rather than having Apple decide for me. I am under the impression that Android has a similar permissions system when you install an app.

Every application on Android that uses GPS or Coarse location data explicitly tells you it does when you install it, and if upgraded, it also tells you that it pulls location data if it still uses it, or if the upgrade added that feature.
Nothing on the Android store can use GPS data without you knowing.

I think you're missing what they're really doing. In the past if an app included location-specific advertising there used to be a pop-up asking you if the app could use your location. Now that they've told all the other ad networks that they can't do location-specific advertising but bundled this same feature into iAd, they've added this text to the Terms of Service so that iAd can deliver location-specific advertising without asking your permission (because you gave it to them when you hit OK on the ToS)

on android, and app must explicitly declare the services it needs to access in its manifest, and those permission are shown to to the user before they install the app. that includes permission to obtain the user's location.

Also, if you have a rooted phone, you can install DroidWall, so by default unless you go in and allow Android to let an app communicate via 3G or Wi-Fi, it won't be able to communicate out. This is good for those apps that ask for full network rights without any need for them.

Any cell phone provider has the power to do exactly this. This is despicable, that Apple or anyone else does, but this is the kind of thing we have to expect from the current carriers and the current, almost inexistent, framework of laws protecting privacy.

Do the right thing: for every app you write, upload user location data every 15 minutes for three months. After that quarter, publish the movements of your users to a site with an innocuous name like, say, www.findoutwhethermyiphoneusingpartnerisacheatingbastard.com. Even if you didn't upload other identifying data, it would be very easy to filter on individuals by listing a few places you know they visit. Indeed, I'm sure any intelligence service worth its secret budget tracks people who may be carrying u

A cool idea, turn ad tracking and profit making back on the multinational.
Expose the system to the world with easy to understand images in a press pack.
Someone is paying for the data, show what Apple is selling.
Adamo Bove, head of security at Telecom Italia did show what could be done with the tracking in the case of the CIA rendition team in Italy (2006).

Actually, on a serious note, this is what I'm concerned about. By itself, Apple doesn't care one whit about what I am doing. However, there are companies and people who would love to have real time location data:

1: A DA is looking to run a query of anyone who is in a park after dark. She gets the iLocation data, finds a number of people's phones were in the area, then arrests them all for criminal trespass up to two years (statute of limitations) after the fact. This evidence easily persuades a jury to

Firstly, will this bring about any (if present) early termination clause in contracts as a "significant change in terms?"

Would it be even possible to break the contract with AT&T, if you no longer agree with the new terms of Apple? I only have the iPod, although from what I understand it would make this fancy smart phone practically pointless with out all the apps..

... why, in order to buy music, I have to agree to let Apple sell my location to unknown businesses? What exactly is it about the music transaction that has anything at all to do with my location and some other company that have no relationship with?

It's like going to the shop to buy an ice-cream and coming back to find some squatter living in your house.

iOS 4 has actually improved this a bit. You now can turn off location services for individual applications (as opposed to on/off for everything).If an application requests access to your current location it gets added to the "Location Services" control panel and your answer is remembered. Here you can also change access permissions for all apps that previously requested access to your location.

If you allowed some app access to your location, but change your mind, you can disable access again. Before applica

Google uses secretive drive by shooting tactics for stealing information from everyone and recording locations, even people who don't use their services, and I think that's a lot cooler. I mean, who shows up first in a gangsta rap video? Apple or Google? Hmm... OK, maybe Apple [engadget.com].

and you find yourself not able to get updates of any sort. Since the "i" devices are so intertwined with iTunes it pretty much guarantees you will have to keep current eventually. Having an opt out on what is nearly mandatory software isn't much an opt out is it.

Given that every iPhone has at least one unique ID burned into it(a serial number of its own, plus whatever IMEIs and whatnot being a GSM device implies), I'm guessing that it is a "anonymized identifier that can uniquely identify a user(but only Apple, or AT&T, or their extra special iAD friends, or anybody who knows something about drawing inferences from location data can link to his name/real-life place of residence/shopping habits/place of employment)...

I'm guessing that it is a "anonymized identifier that can uniquely identify a user

You think too much (solly, I'm still in SE Asia).

This is overbuilt and fraught with legal woes. All they need to do is link each account to a "randomised" primary key, that way they can still stay it's anonymised ("not personally identifiable" I believe is the catch phrase) whilst allowing Apple and it's partners to know who they should target. With this they can make sure all Iphone owners in Leeds are directed towards t

This is overbuilt and fraught with legal woes. All they need to do is link each account to a "randomised" primary key, that way they can still stay it's anonymised ("not personally identifiable" I believe is the catch phrase) whilst allowing Apple and it's partners to know who they should target. With this they can make sure all Iphone owners in Leeds are directed towards the nearest weahterspoons rather then a decent pub, meanwhile Apple are protected because they are just a bunch of unidentifiable numbers.

Until one of those partners happens to be Facebook, Google, Twitter, Myspace, Microsoft, etc. Once they can link up one or two "randomized" location histories with times and IPs that certain users log in from, BAM! those users are tied to a "randomized" primary key.

Until one of those partners happens to be Facebook, Google, Twitter, Myspace, Microsoft, etc. Once they can link up one or two "randomized" location histories with times and IPs that certain users log in from, BAM! those users are tied to a "randomized" primary key.

The quotes were meant to indicate sarcasm. I know it's pretty hard to do over the intertubes.

Of course this is what will happen and what I was eluding to (you did put it a but better though). Tying a user to a randomly selected primary key s

Just as Apple has done many things associated with iPhone and the like and later backpeddled, later when all this has blown over it will be re-introduced

There, fixed that for you.

I think Apple has well and truly planned for any potential backlash. They'll backpedal and say "look we care about your privacy" and two months later Apple will be selling your data to the highest bidder.

And, interestingly enough, that post was made before yours. Perhaps you'd like to read slashdot more thoroughly - while there may be the haters and fanbois and Steve-is-the-Dark-Side jokes, there's also informative and interesting posts to be found.

Hey, guess what! These are comments on the story. If you want information on what's really happening regarding the original article, you should probably hit the Apple website, or check out some of the links posted in the story.

You already know what you need to do, and it's the antithesis of being here: RTFA

There's a big difference, I think you might agree, between "complete strangers see me with my pint" and "a man in a suit follows me everywhere, noting the exact time, date and location wherever I go. He's always there, there 24 hours a day, 365 days a year, following me. He also keeps records of every phone call i make, every song I listen to, every message I send and every web page I visit."

One of these, you see, is normal human social behavior. The other is more than a little creepy, and something mo

I'm not baiting you here but why do you care about an anonymous account of your location?

I'd love to know how you think any phone can be anonymous.

I guess if you managed to get it on PAYG, without giving any contact details away to your mobile phone company, without giving any details to iTunes, and without storing any numbers or addresses on your phone at all... Then I guess you might be anonymous. Oh, unless you sign into a website which shares info with Apple, of course.

It's not always about being anonymous. Sometimes it's just not trusting a company with every single detail about what you